Student help : Android Anti forensic literature  

kashif
(@kashif)
New Member


Good Day Forensic Xperts

As a part of semester project I wish to work on Anti Forensics

Can you please point me in the right direction, where to look for anti-forensic material? I could only find one white paper so far and that was using CyanogenMod.

Idea - I

Just like Windows offers encrypted disk drives, I want to come up with and implement an encrypted disk drive for Android which asks for user credentials at boot time. Is it possible? Any work done in this field?

Idea -II

Read anti forensics literature and help contribute by giving my own suggestions.

The time I have for this project is limited to a few weeks only.

Any ideas or suggestions are welcome,

Thanks for reading this.

Posted : 23/02/2014 12:14 am
kashif
(@kashif)
New Member

so many views and not a single reply

Posted : 26/02/2014 7:34 pm
jaclaz
(@jaclaz)
Community Legend

so many views and not a single reply

Well, now you have one.

Point is that what you posted makes little sense (no offence intended).

Imagine that an art student has these ideas
1) Paint Mona Lisa.
or
2) Review all paintings in the world and provide my suggestions on them.

And posts them with the specifications that he has only a few weeks to do the one or the other.

Basically your "ideas" are either too complex/vast or the time allowance you declared for them is too little for any practical progress on them, besides this they are probably not entirely "new" either
http://security.stackexchange.com/questions/10529/are-there-actually-any-advantages-to-android-full-disk-encryption
http://nemesis2.qx.net/pages/LUKSManager
http://code.google.com/p/cryptonite/

jaclaz

Posted : 26/02/2014 10:31 pm
techjunkieguy
(@techjunkieguy)
New Member

Look up the Android phone "Black phone". It's supposed to be a secure phone with services for end-to-end encryption.

Posted : 26/02/2014 11:37 pm
kashif
(@kashif)
New Member

Bundle of thanks
techjunkieguy and jaclaz
I will start working on these topics and see where it takes me.

Posted : 03/03/2014 7:46 pm
kashif
(@kashif)
New Member

A beautiful female student approached me and requested to join her hand in research project for

"Mobile Forensic Tools"

So Now I will be focusing on Mobile Forensic tools with some practical work on android.

Posted : 06/03/2014 3:31 pm
jaclaz
(@jaclaz)
Community Legend

A beautiful female student approached me and requested to join her hand …

Hmmm, you make it sound like you have more interest in the "beautiful female" part of the project than in the actual "forensic tools" 😯, but it is probably anyway "creative research". :)

jaclaz

Posted : 06/03/2014 4:35 pm
kashif
(@kashif)
New Member

Yeah jaclaz, you are absolutely right, oops …

She is so confused about what to do … oh man, I was better off alone … lol

I need help guys ????, need guidance ...

My goal is to study two or three mobile forensics software and then create an app which won't allow this forensic tool to work, I mean anti-forensics or privacy app sort of thing.

Lastly it would be really great if I can publish my work in a paper or in a journal etc …

Can someone guide me, maybe point to a research paper? Or show some direction? oops

Posted : 09/03/2014 9:59 pm
Zergling
(@zergling)
Junior Member

Basically it's how long can you delay the progress of examining your data…

For Android and iOS devices the software looks for specific folders and knows in which database (and which table/record) the data is stored - and how (e.g. timestamp formats).

So if you create your own app with its own database layout, my guess is that none of the "big forensic tools" will be able to interpret your data because the decoding is based on predefined profiles and when there is no profile for your app…end of story :)

However your app most likely will show up in areas like "installed apps" or "found databases" and the examiner will have to manually decode/interpret your databases.

To further complicate this (at least a bit) you'll probably want to use encryption for stored data or use a completely different approach to storing data (e.g. no databases at all) or both.

So all of them will fail, as long as nobody analyzes your app and creates a plugin/parser etc. for it.

Posted : 11/03/2014 2:32 pm
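
The examiner's side of what Zergling describes, as an added example that is not part of the thread or of any forensic tool's code: a triage pass that finds SQLite files by header, accepts those matching a known profile, and dumps the schema of the rest for manual interpretation. `KNOWN_PROFILES`, the file names and the table layouts are constructed for illustration.

```python
import sqlite3
import tempfile
from contextlib import closing
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"
# Constructed stand-in for a tool's parser profiles: file name -> tables expected.
KNOWN_PROFILES = {"mmssms.db": {"sms"}, "contacts2.db": {"raw_contacts"}}

def is_sqlite(path):
    """Identify SQLite files by their 16-byte header, not by extension."""
    with open(path, "rb") as fh:
        return fh.read(16) == SQLITE_MAGIC

def schema_of(path):
    """Return {table: [columns]}, opening the evidence file read-only."""
    with closing(sqlite3.connect(f"{path.as_uri()}?mode=ro", uri=True)) as con:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        return {t: [c[1] for c in con.execute(f'PRAGMA table_info("{t}")')]
                for t in tables}

def triage(root):
    """Split databases under root into profiled and manual-review sets."""
    decoded, manual = [], {}
    for path in sorted(Path(root).resolve().rglob("*")):
        if not path.is_file() or not is_sqlite(path):
            continue
        schema = schema_of(path)
        expected = KNOWN_PROFILES.get(path.name)
        if expected and expected <= set(schema):
            decoded.append(path.name)
        else:
            manual[path.name] = schema  # no profile: examiner decodes by hand
    return decoded, manual

def build_sample(root):
    """Constructed sample extraction: a profiled DB, a custom-layout DB, a text file."""
    for name, ddl in (("mmssms.db", "CREATE TABLE sms(address, date, body)"),
                      ("store.bin", "CREATE TABLE t1(k, v, ts)")):
        with closing(sqlite3.connect(str(Path(root, name)))) as con:
            con.execute(ddl)
            con.commit()
    Path(root, "readme.txt").write_text("not a database")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(triage(d))
```

A database encrypted as a whole file does not carry the plain SQLite header, so this header check will not pick it up.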
kashif
(@kashif)
New Member

Zergling, many thanks for the guidance.

So forensic tools look for databases like contacts, SMS, etc.

I am thinking in the direction now of how to disallow access of parent apps, like contacts/SMS etc., to forensic tools …

Posted : 11/03/2014 3:23 pm
MobilePhoneForensic
(@mobilephoneforensic)
Member

Kashif,

Have a look at this post

http://www.forensicfocus.com/Forums/viewtopic/t=11524/

Android phones with encrypted containers already exist.

Regards

MPF

Posted : 11/03/2014 3:47 pm
kashif
(@kashif)
New Member

Bundle of thanks MobilePhoneForensic

I already posted a reply there.

Basically I want to do research in some area which has some commercial significance.

Blackphone and Boeing Black are using a customized Android OS, while I want to use native Android and change its applications to meet privacy demand.

I wish to create an app and present as a research project.

e.g. you will have two phonebooks in your mobile.

One native phonebook, other encrypted privacy pro phonebook

2nd can be set as a default phonebook

Blackphone is 625 $, I will make my app free. :)

Posted : 12/03/2014 10:27 pm
Berntsson
(@berntsson)
New Member

Why are you trying to re-invent the wheel? The absolute best "antiforensic" technique is full disk encryption - which Android offers (dmcrypt LUKS AES128 CBC). To make it more of a nightmare, use a Nexus device and root it, then install EncPassChanger and change the pre-boot passphrase from the OS limitation of 16 characters max (which is also the screen unlock code) to, oh, how about 32 or 64 characters? LOL. You can also re-lock the boot loader with another app. Not even Chip Off or JTAG will help ***if they get the phone in a powered down state***.

If you're worried about the phone being ripped out of your hand while running unencrypted, there are projects out there that are in beta, using a TrueCrypt-like "Hidden OS" on Android. But it ain't gonna be done with a single app.

Posted : 27/05/2014 7:02 pm
Alistair
(@alistair)
New Member

A little late to the thread but this guy's MSc thesis touches on the subject of anti-forensics and privacy through encryption on Android phones. Basically, he designs a way to create a hidden partition within the original partition of the Android file system.

Read more here: http://defreez.com/articles/thesis.pdf

Posted : 24/06/2014 9:47 pm